Page MenuHomePhabricator
Create Task
Maniphest T267327

Run latest Thumbor on Docker with Buster + Python 3
Closed, ResolvedPublic
Actions

Description

Progress saved here: https://github.com/gi11es/thumbor-docker

Current status:

  • Dockerfile successfully running full test suite for Thumbor + Wikimedia Thumbor plugins on Buster/Python 3

Next:

  • Convert Dockerfile to Blubber
  • Run Blubberized Docker image in CI, running the full test suite

Details

SubjectRepoBranchLines +/-
WIP: build docker images using blubber and pip dependenciesoperations/debs/python-thumbor-wikimediamaster+64 -5
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 StalledNoneT302086 Set scap minimum python version to 3.7
 ResolvedNoneT247045 Migrate all of production metal and VMs to Buster or later
 ResolvedakosiarisT249724 Track and remove jessie based container images from production
 ResolvedJdforrester-WMFT224908 Drop jessie testing support
 ResolvedJdforrester-WMFT224907 Drop php55 testing support
 ResolvedReedyT205039 Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedReedyT205041 Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.2 security release
 ResolvedBawolffT197279 Direct POST to Special:ChangeEmail will bypass reauth check
 ResolvedAnomieT204729 Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
 ResolvedBawolffT207603 CVE-2019-12471: Loading JS from user space where the username is not a registered account is dangerous and should be banned
 ResolvedBawolffT208881 CSS using var() to create exponential sized calc() on wiki page will crash visitor's browser
 ResolvedLegoktmT199540 Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
 ResolvedLucas_Werkmeister_WMDET212118 API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
 ResolvedBawolffT209794 Need to make a limit of count of attempts to change email address
 ResolvedsbassettT222036 Exposed suppressed username or log in Special:EditTags
 ResolvedsbassettT222038 Exposed suppressed log in RevisionDelete page
 ResolvedJdforrester-WMFT221739 Patch jQuery due to CVE-2019-11358
 ResolvedsbassettT25227 Use token when logging out
 ResolvedsbassettT221868 Send out wikitech-l post for T25227 ("Use token when logging out")
 ResolvedReedyT205042 Write and send release announcements for 1.27.6/1.30.2/1.31.2/1.32.2 security releases
 ResolvedReedyT205043 Write and send pre-release Announcements for MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedJdforrester-WMFT205044 Update onwiki release notes for 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedReedyT205046 Update HISTORY in master after 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedReedyT205047 Tag MW 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedReedyT224499 RELEASE-NOTES for 1.27.6/1.30.2/1.31.2/1.32.2
 ResolvedJdforrester-WMFT224912 Update MediaWiki.org links and versions
 ResolvedJdforrester-WMFT224913 EOL REL1_27 and REL1_30 onwiki
 ResolvedReedyT225201 Formally announce EOL of MW 1.27 and 1.30
 ResolvedReedyT225149 Update CVEs and publish them
 ResolvedReedyT205048 Obtain CVEs for 1.27.6/1.30.2/1.31.2/1.32.2 security releases
 ResolvedJdforrester-WMFT224906 Drop php56 testing support
 ResolvedhasharT223348 Run wikimedia/fundraising/crm CI jobs on PHP7x, not PHP5x
 ResolvedhasharT210287 Migrate wikimedia-fundraising-civicrm to a Docker container
 ResolvedJdforrester-WMFT224905 Move wikiba.se tests from php56 to php72
 ResolvedhasharT224591 Migrate contint* hosts to Buster
 Declined MoritzMuehlenhoffT226236 Upload docker-ce 18.06.3 upstream package for Stretch
 InvalidthciprianiT239880 Replacement hardware for buster/stretch upgrade of contint1001 and contint2001
 Resolved mmodellT215458 Convert zuul to use scap
 ResolvedhasharT240551 Remove Zuul Debian package from WMCS instances
 ResolvedJoeT249110 Build and publish a python2 based container to build wheels
 ResolvedJMeybohmT249812 Rebuild helm/helm-diff for buster-wikimedia
 ResolvedJMeybohmT250479 Rebuild helmfile for buster-wikimedia
 DuplicateDzahnT210008 upgrade krypton (webserver_misc_apps) to stretch
 DeclinedDzahnT224194 switch webserver_misc_apps to PHP 7.2 (7.1)
 ResolvedJdforrester-WMFT211784 Upgrade all CI jobs from node6/npm3 to node10/npm6 across all projects
 OpenNoneT198901 Migrate production services to kubernetes using the pipeline
 OpenNoneT210704 Migrate node-based services in production to node10
 ResolvedNoneT225678 Migrate 3d2png to k8s
 ResolvedNoneT267327 Run latest Thumbor on Docker with Buster + Python 3
 DeclinedNoneT269215 Blubber "copies" and "builder command" steps should run in the opposite order

Event Timeline

Gilles created this task.Nov 5 2020, 2:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 5 2020, 2:27 PM
Gilles triaged this task as Medium priority.Nov 5 2020, 2:27 PM
Gilles added a comment.Nov 5 2020, 2:31 PM

Seeing that there were a lot of missing or outdated Python Debian packages in Buster compared to what the latest Thumbor master needs, I decided to install the minimum via Debian and all the Python dependencies via pip. Next I will look into whether I can turn all those pip calls into local wheel files, which would be a cleaner way to package this for production.

I think that doing all the Debian packaging and backports required would be very complicated and time-consuming. I don't see the point if we're going to generate a machine image anyway.

I got pretty far with Thumbor itself, but ran into a small amount of remaining test errors that I filed upstream: https://github.com/thumbor/thumbor/issues/1326

Gilles added a subscriber: jijiki.EditedNov 5 2020, 9:09 PM

Progress! Turns out I should have been using pytest instead of nosetest to run the tests. I've filed a small PR to make the python binary used in the Makefile configurable: https://github.com/thumbor/thumbor/pull/1328

This simple Dockerfile now works:

FROM debian:buster

RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y python3 libssl-dev libcurl4-openssl-dev redis memcached imagemagick build-essential cython3 webp ffmpeg gifsicle exiftool libjpeg-turbo-progs libcairo2 python3-distutils curl git coreutils libexiv2-dev libboost-python-dev
WORKDIR /root
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
RUN python3 get-pip.py
RUN git clone -b makefile-python-configurable https://github.com/gi11es/thumbor
WORKDIR /root/thumbor
RUN pip3 install setuptools
RUN make PYTHON=python3 setup test

@jijiki would it be acceptable if the Python dependencies for Thumbor 5 run in Kubernetes are brought via wheel files? In my Docker WIP I'm pulling them via pip.

jijiki added a project: serviceops.Nov 6 2020, 12:39 AM
jijiki added a comment.Nov 6 2020, 12:44 AM

@Gilles We do not have any other python applications running on Kubernetes, so we are exploring new ground here. I will discuss it a bit more with serviceops to see how we will handle this.

PS. YAY 🎉 !

jijiki added a project: User-jijiki.Nov 6 2020, 8:56 AM
jijiki added a comment.Nov 6 2020, 12:57 PM

@Gilles Please go ahead bringing deps via wheel files, we do not have any alternative solution for this :)

Gilles updated the task description. (Show Details)Nov 9 2020, 12:45 PM
Gilles moved this task from Inbox, needs triage to Doing (old) on the Performance-Team board.Nov 9 2020, 7:38 PM
jijiki moved this task from Inbox 🐅 to Radar 📻 on the User-jijiki board.Nov 18 2020, 4:11 PM
Gilles mentioned this in T225678: Migrate 3d2png to k8s.Nov 20 2020, 11:36 AM
Aklapper added a parent task: T225678: Migrate 3d2png to k8s.Nov 20 2020, 12:08 PM
Gilles added a comment.Nov 30 2020, 12:07 PM

It's now complete: https://github.com/gi11es/thumbor-docker

Next I will experiment a little with Blubber to see if it could be used to generate this Dockerfile/docker image.

jijiki added a project: SRE.Dec 1 2020, 10:24 AM
jijiki added subscribers: Ladsgroup, JMeybohm, akosiaris.
MoritzMuehlenhoff subscribed.Dec 1 2020, 10:27 AM
Ladsgroup added a comment.Dec 1 2020, 12:55 PM

My 2c. From what I learned from docker books and such, containers and k8s are not recommended for two types of applications: 1- stateful applications (given the ephemeral nature of containers) or 2- High I/O applications (given that it introduce its own network). I use docker for jitsi (the video calling application) and I regret it, it's terrible. I think thumbor might see a performance degradation due to this.

Gilles added a comment.EditedDec 1 2020, 1:30 PM

Thumbor is neither stateful nor high I/O at Wikimedia. There's ATS and Varnish in front of it and it reads and write to Swift, and can re-run past requests safely.

Ladsgroup added a comment.Dec 1 2020, 2:28 PM

oh it's not stateful but I think it's high I/O compared to other applications (maybe not as high as jitsi but higher than other apps in k8s). let's do benchmark and see.

akosiaris added a comment.Dec 1 2020, 3:31 PM
In T267327#6659813, @Ladsgroup wrote:

oh it's not stateful but I think it's high I/O compared to other applications (maybe not as high as jitsi but higher than other apps in k8s). let's do benchmark and see.

I assume you mean network I/O. It's true that thumbor has quite a bit of incoming traffic. Averaging over the last 7 days ~100MBs [1]. Naturally, given the nature of the service is to return thumbnails, return traffic is close to 1/25th of that (avg 3.5MBs). That's about 70% of what currently kubernetes manages[2] (some 150MB/s in and out) for the total of services living on it, without any issues or complaints about performance up to now. So traffic wise we are probably going to be a-ok.

But I think you mean that it's latency/jitter wise that we are going to see a performance degradation, presumably due to the in-kernel DNATs when addressing the kubernetes service, as well as the double load balancing that will be happening (LVS+kubernetes). It's true that this will add a few milliseconds of latency. However, given the fact that thumbor's 75th latency percentile lingers around ~1.5 seconds[3], I think we will not notice it.

[1] https://grafana.wikimedia.org/d/XhFPDdMGz/cluster-overview?viewPanel=84&orgId=1&var-site=eqiad&var-cluster=thumbor&var-instance=All&var-datasource=thanos&from=now-7d&to=now
[2] https://grafana.wikimedia.org/d/XhFPDdMGz/cluster-overview?viewPanel=84&orgId=1&from=now-7d&to=now&var-site=eqiad&var-cluster=kubernetes&var-instance=All&var-datasource=thanos
[3] https://grafana.wikimedia.org/d/Pukjw6cWk/thumbor?viewPanel=35&orgId=1

Gilles added a subtask: T269215: Blubber "copies" and "builder command" steps should run in the opposite order.Dec 2 2020, 10:30 AM
dduvall closed subtask T269215: Blubber "copies" and "builder command" steps should run in the opposite order as Declined.Dec 8 2020, 6:08 PM
wkandek subscribed.Dec 9 2020, 8:10 AM
Krinkle moved this task from Doing (old) to Doing: Goals on the Performance-Team board.Mar 2 2021, 9:00 PM
Gilles moved this task from Doing: Goals to Abstract Wikipedia matrixing on the Performance-Team board.Mar 17 2021, 9:24 AM
Gilles updated the task description. (Show Details)Mar 18 2021, 1:35 PM
Gilles reassigned this task from Gilles to cmassaro.Apr 26 2021, 6:14 PM
Gilles moved this task from Abstract Wikipedia matrixing to Doing: Goals on the Performance-Team board.May 20 2021, 2:07 PM
AntiCompositeNumber added a project: Thumbor.Jul 2 2021, 1:11 PM
JoKalliauer subscribed.Jul 2 2021, 2:43 PM
Krinkle moved this task from Doing: Goals to Inbox, needs triage on the Performance-Team board.Sep 17 2021, 2:15 PM
Krinkle subscribed.Sep 17 2021, 2:20 PM

Moving back for re-triage as it's been dormant 6 months in a columnn for things "this quarter".

dpifke moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.Oct 12 2021, 6:55 PM
Jdforrester-WMF removed cmassaro as the assignee of this task.Oct 26 2021, 5:52 PM
Jdforrester-WMF added a subscriber: cmassaro.
AntiCompositeNumber mentioned this in T294484: <Code Stewardship Review> Thumbor.Oct 28 2021, 3:53 AM
Fuzheado subscribed.Dec 16 2021, 4:39 PM
Xeriphas1994 subscribed.Feb 8 2022, 8:22 PM
hnowlan subscribed.Mar 16 2022, 3:53 PM
gerritbot added a comment.Mar 16 2022, 5:52 PM

Change 771416 had a related patch set uploaded (by Hnowlan; author: Hnowlan):

[operations/debs/python-thumbor-wikimedia@master] WIP: build docker images using blubber and pip dependencies

https://gerrit.wikimedia.org/r/771416

gerritbot added a project: Patch-For-Review.Mar 16 2022, 5:52 PM
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.Apr 13 2022, 10:56 PM
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.
gerritbot added a comment.Aug 23 2022, 1:44 PM

Change 771416 abandoned by Hnowlan:

[operations/debs/python-thumbor-wikimedia@master] WIP: build docker images using blubber and pip dependencies

Reason:

https://gerrit.wikimedia.org/r/771416

jijiki moved this task from Incoming 🐫 to 🙈🙉🙊Backlog on the serviceops board.Sep 28 2022, 2:24 PM
Krinkle removed a project: Performance-Team (Radar).Aug 7 2023, 1:28 AM
Krinkle unsubscribed.
Aklapper mentioned this in T210704: Migrate node-based services in production to node10.Aug 14 2023, 11:38 AM
Reedy mentioned this in T345952: 3d2png npm install errors.Sep 8 2023, 8:23 PM
hnowlan closed this task as Resolved.Oct 2 2023, 9:35 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits